Threat Protection: The REvil Ransomware
What does DNS activity look like surrounding the REvil/Sodinokibi ransomware threat?
August 24, 2021
Earlier this year, in a blog series about threat trends in DNS security, Cisco Security looked at the REvil ransomware, also known as Sodinokibi or Sodin. It noted how the ransomware compromised far more endpoints than Ryuk but had far less DNS communication. However, when revisiting these metrics, Cisco Security researchers noticed that this changed at the beginning of 2021. What’s interesting in revisiting this data over an 18-month span is that while the number of endpoints didn’t rise dramatically in 2021, the amount of DNS activity did when comparing each month with the overall averages. In fact, the one noticeable drop in endpoints in December appears to coincide with the beginning of a dramatic rise in DNS activity.
Read the full blog post to learn more.